web application security lab

Google Spam Redirects

I’ve been gone for a few days and one of the very first things I find in my inbox is an email that apparently wants me to click on a link. That link is going to Google. That link is a redirector. That link is obfuscated with URL encoding. Who knows what’s on that link! I’ve learned to distrust Google links, so I’m smart enough not to simply click on it without doing some investigations first. Let’s look at the message, shall we?


I changed the unique string at the end, but otherwise this URL is intact and working. What is this? Well, by golly, it’s cialis/viagra spam! What have we learned? Google links are not to be trusted. Why would you allow your infrastructure to support spam redirection in emails? Should I start adding www.google.com to my anti-spam engines? Maybe to my content filters? I hate to say it, but I think I called this one.
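
An added example, not code from the original post: a content filter can score the destination hidden behind the redirector instead of the Google hostname, undoing the URL encoding first. The redirector table, function names and sample URLs are assumptions constructed for illustration; only the `www.google.com/url?q=` form comes from this page.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: known redirector endpoints, (host, path) -> destination parameter.
# Only the www.google.com/url?q= form is taken from the page.
REDIRECTORS = {("www.google.com", "/url"): "q"}
MAX_HOPS = 5  # stop on redirector chains that loop


def fully_unquote(value, rounds=3):
    """Percent-decode repeatedly so double-encoded targets are revealed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def unwrap_redirect(url):
    """Return the destination hidden behind known redirectors.

    A URL that is not a known redirector link is returned unchanged.
    """
    for _ in range(MAX_HOPS):
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower()
        # Percent-encoded letters in the path are equivalent to the plain ones.
        path = fully_unquote(parts.path)
        param = REDIRECTORS.get((host, path))
        if param is None:
            return url
        values = parse_qs(parts.query).get(param)  # parse_qs decodes once
        if not values:
            return url
        target = fully_unquote(values[0])
        if not urlsplit(target).scheme:
            target = "http://" + target  # schemeless target: assume http
        url = target
    return url


def effective_host(url):
    """Host a filter should score: the destination, not the redirector."""
    return (urlsplit(unwrap_redirect(url)).hostname or "").lower()
```
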

4 Responses to “Google Spam Redirects”

  1. Comment Section Contest: Google URL Redirect Fix SEO Black Hat: SEO Blog Says:

    […] RSnake comes out with another great find: this time it’s an exploit in Google that lets you inject a redirection into a URL that starts with: […]

  2. RSnake Finds Google’s Employee Redirect URL. » Making Money Online - Boogybonbon.com » Blog Archive Says:

    […] RSnake wrote a nice article on Google spam redirects. The URL he referenced I recognized the very minute I saw it. […]

  3. Lokówka - because it's worth knowing. » Dangerous links from Google. Says:

    […] RSnake describes a flaw in Google's software that allows a user to be redirected, via a link on the Google.com domain, to an arbitrary site. Not necessarily with good intentions. The flaw concerns a URL with the following innocent appearance: http://www.google.com/url?q= […]

  4. Matt Cutts Says:

    I believe Google has added a warning message on this url redirection now, so that people have to click to follow that link. That should help a lot with things like phishing.